Beware of Olympic-Related Scams, Malware, Spam

The Department of Homeland Security laid out the many threats to the Olympic Games in a detailed warning last week. DHS warned about politically-motivated attempts to disrupt the games that may use physical methods or cyber-attacks, such as defacing websites and distributed-denial-of-service attacks. The warning also devoted a section to potential spear phishing attacks to steal information and malware and spam designed to divert Internet users to malicious sites.

Cyber-criminals are using the upcoming summer Olympic Games in London as bait to lure unsuspecting Internet users to their malicious websites and scams.

The Department of Homeland Security laid out the many threats to the Olympic Games in a detailed warning last week. DHS warned about politically-motivated attempts to disrupt the Games that may use physical methods or cyber-attacks, such as defacing websites and distributed-denial-of-service attacks. The warning also devoted a section to potential spear phishing attacks to steal information and malware and spam designed to divert Internet users to malicious sites.

Let the 2012 London Malware Olympics Begin!The 2012 Summer Olympics are scheduled to begin in London on July 27, and phishing and scam attacks offering tickets have already begun circulating, said the DHS. The attacks are designed to trick users into handing over personal information and credit card information. Cyber-criminals have also begun sending out malicious attachments, one of which exploit an older stack buffer overflow vulnerability to download additional malware, the DHS warned.

Users should be "wary of Olympic (and any other current event) themed emails that have attachments and/or links," F-Secure wrote in a recent blog post.

Researchers at F-Secure discovered a specially crafted PDF file masquerading as a copy of the London 2012 Olympics schedule. The schedule itself is legitimate, as the original file is still on the official London Olympics page. However, once this file is opened, it exploits a two-year-old vulnerability (CVE-2010-2883) in older versions of Adobe Reader and Acrobat. The PDF file acts as a dropper, downloading other executables onto the compromised computer to launch other attacks.

Considering that the vulnerability was patched a long time ago by Adobe, users should be safe, right? Not quite, since end users and administrators don't always keep up with the latest versions of software. Criminals often rely on exploits targeting older vulnerabilities because they know there are enough potential victims out there who haven't patched the flaws.

"If you don't already have the current version of Adobe Reader, you really should go get it now,” F-Secure researchers wrote in the blog post.

Olympic SEOCyber-criminals can also create malicious sites to distribute fake antivirus and other types of rogueware. They employ SEO tricks to ensure these sites appear on search result pages for certain keywords, and users are tricked into downloading malicious software. There will also be sites offering exclusive footage, but really using fake videos and codecs to distribute malware.

Since Yahoo was the "top ranked global destination for Olympics coverage for the past three Games," it is "probable" that criminals will target Yahoo for SEO poisoning for the 2012 Games, according to the DHS.

Olympic DefensesAs F-Secure researchers said, your systems should have the latest software versions and the operating system should be fully patched. Don't click on links promising deals that you weren't looking for, and scrutinize links carefully when searching for Olympic-related pages. If you need Olympic-themed apps and software, make sure they are coming from reputable sources.

Criminals targeted the Beijing Olympics some 12 million times a day in 2008, according to the document. "During the 2008 Beijing Olympics, one gang made approximately $3.5 million USD selling fake tickets online to unsuspecting victims," the DHS warned. Users landed on these fake ticket sites after clicking on a link in a spam message.

The organization running the Olympics is working hard to make sure their systems can sustain attacks from external threats, but you need to protect your own computers and your data.

About the Author

Fahmida Y. Rashid is a senior analyst for business at PCMag.com. She focuses on ways businesses can use technology to work efficiently and easily. She is paranoid about security and privacy, and considers security implications when evaluating business technology. She has written for eWEEK, Dark Reading, and SecurityWeek covering security, core Inte... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.